Social Networks and Financial Institutions Top Phishing Bait

According to a new report, phishing operations overwhelmingly choose to impersonate social networks (35.39%) and financial organizations (31.45%) to compromise targets, accounting for more than two-thirds of the “bait” employed by attackers.

“Phishing, or creating fake copies of sites to obtain confidential user data, is a very common cyber threat. This is largely due to the fact that to deploy the simplest phishing campaign, cybercriminals do not need to have specific programming knowledge – it’s enough to have certain skills in creating web pages,” the report states.

“The main purpose of phishing is to convince the victims they are visiting a real site, not a fake one. These attempts are often successful so phishing campaigns are used both as the main tool to obtain sensitive user information and as part of a complex attack to lure users to a site from which malware will be downloaded on to their device.”

The report notes that the majority of these phishing operations aim specifically to gain direct access to victims’ banking accounts in order to pilfer funds, providing immediate financial gain for the attackers. This contrasts with attackers who seek to compromise systems with malware that can be used to create botnets for spamming or DDoS attacks, and who then have to market those services in order to make money.

Key findings in the report include:

31.45% of all phishing attacks in 2013 targeted financial institutions